Skip to main content

Identity-based security framework. Every node is a user. Everything between is encrypted at rest.

Project description

Bedrock

Build your app. Inherit the security.

PyPI

Bedrock is the security layer your app sits on top of.
Identity, encryption, consent, and audit — handled from the start.

Version Tests Python License Free Trial


You don't bolt security on after the fact. You build on Bedrock, and your app inherits it.

Bedrock is a security framework that your application calls into — not a service you route traffic through. When your app uses Bedrock's SDK, every node gets a cryptographic identity, every field write gets encrypted at rest, every cross-silo read requires cryptographic consent, and every action gets written to a tamper-evident audit chain. Your app focuses on business logic. Bedrock handles the security guarantees.

What Your App Gets

  • Cryptographic identity for every node. Each service, device, or user in your system gets a signed identity. No anonymous access.
  • Field-level encryption at rest. Data is encrypted before it hits storage. Siloed by category — medical records, financial data, PII — each in its own encrypted container.
  • Consent-gated data access. No cross-silo read without a cryptographic consent token. If the patient didn't authorize it, the data doesn't move.
  • Tamper-evident audit chain. Every write, read, consent grant, and revocation is SHA-256 chained. Detect tampering, prove compliance.
  • Self-healing mesh transport. Encrypted node-to-node communication with automatic failover and reconnection.
  • License-gated operation. Runtime enforcement of tier limits — nodes, certificates, features.

Your app calls the SDK. The SDK calls Bedrock Core. The security is there because you built on Bedrock, not because you remembered to add it later.

How It Works

┌─────────────────────────────────────────────────────┐
│                    Your Application                   │
│                                                       │
│   Business logic, routes, UI — whatever you build     │
│                                                       │
├──────────┬──────────┬──────────────────────────────┤
│  Python  │TypeScript│          REST API              │
│   SDK    │   SDK    │                                │
├──────────┴──────────┴──────────────────────────────┤
│                                                       │
│                  Bedrock Core                         │
│                                                       │
│   You inherit: identity, encryption, consent,         │
│   audit, key management, mesh transport               │
│                                                       │
└─────────────────────────────────────────────────────┘

Your app makes normal SDK calls — register a node, create a silo, encrypt a field, request consent. Bedrock handles the cryptography, the key derivation, the consent verification, the audit logging. You never touch raw crypto. You never write your own access control. You build on top, and the security is already there.

Status

Bedrock v0.3 is an active development release. Core modules (crypto, identity, data separation, licensing) are well-tested (841 tests, zero type errors). The HTTP API server has SQLite persistence and works for development and testing, but is not yet hardened for production traffic. See PRODUCTION_DEPLOYMENT.md for the roadmap.

Quick Start

# Install
pip install bedrock-core

# Initialize a project
bedrock init ./my-project
cd my-project

# Generate a free 30-day trial license
bedrock trial --licensee "your-email@example.com"

# Start the API server
bedrock serve

From Source

git clone https://github.com/drc10101/bedrock.git
cd bedrock/core
pip install -e ".[dev]"
pytest

# Or with Docker
docker compose -f deploy/docker-compose.yml up

Use It In Your App

Python

from bedrock_sdk import BedrockClient

client = BedrockClient(
    base_url="https://bedrock.infill.systems",
    license_key="1:...",
)

# Register your service as a node — it now has a cryptographic identity
node = client.nodes.register(name="my-service", node_type="application")

# Create a data silo — medical records live here, encrypted at rest
silo = client.silos.create(
    name="patient-records",
    display_name="Patient Records",
    categories=["medical", "phi"],
)

# Encrypt a field before storing it — Bedrock handles key derivation
ciphertext = client.encryption.encrypt(
    plaintext="SSN-123-45-6789",
    silo=silo.silo_id,
    record_id="patient-001",
    scope="ssn",
    operation="store",
)

# Request consent before reading cross-silo data — cryptographic proof required
consent = client.consent.request(
    requester_id=node.node_id,
    target_id="patient-001",
    silo_id=silo.silo_id,
    purpose="treatment",
    scope=["ssn", "diagnosis"],
)

TypeScript

import { BedrockClient } from "@infill/bedrock-sdk";

const client = new BedrockClient({
  baseUrl: "https://bedrock.infill.systems",
  licenseKey: "1:...",
});

// Same API surface as Python SDK
const node = await client.nodes.register({ name: "my-service" });
const silo = await client.silos.create({ name: "patient-records" });

That's it. Your app now has identity, encryption, consent, and audit — because it's built on Bedrock.

CLI Commands

Command Description
bedrock init [dir] Initialize a new project (config, keys, env template)
bedrock trial [--licensee] Generate a free 30-day trial license
bedrock serve [--host] [--port] Start the API server
bedrock keygen [--key-id] Generate a signing key
bedrock license issue --tier --licensee Issue a license key
bedrock license validate --key Validate a license key
bedrock license revoke --key-id Revoke a signing key
bedrock health [--json] Run health checks
bedrock status Show system status and config

Licensing

Bedrock is source-available under the Business Source License 1.1.

Free Trial

Start with a free 30-day trial — full developer features, 3 local nodes, self-signed certificates. No credit card required.

bedrock trial --licensee "your-email@example.com"

Pricing

Tier Price Nodes Certificates Use Case
Trial Free (30 days) 3 Self-signed Evaluation and development
Developer $99/yr 3 Self-signed Individual development
Professional $499/yr 10 Self-signed Team development
Starter $5K/yr 5 CA-enforced Production deployment
Business $20K/yr 25 CA-enforced Production at scale
Enterprise Custom Unlimited CA-enforced Mission-critical deployments

Non-production use (development, testing, evaluation) is free forever under BSL-1.1. Production deployment requires a paid license.

How It Works

  1. bedrock trial — get a free 30-day license with full developer features
  2. Build your app on Bedrock — identity, encryption, consent, audit are inherited
  3. When ready for production, purchase a runtime license at bedrock.dev/pricing
  4. Upgrade your license key — no code changes, no reinstallation

Testing

# Core tests
cd core && pytest

# Python SDK tests
cd sdk-python && pytest

# TypeScript SDK tests
cd sdk-ts && npm test

841 tests pass across core modules (841) and Python SDK (20). Zero type errors.

Security

See SECURITY.md for reporting vulnerabilities.

Do not report security issues through public GitHub issues.

License

This software is licensed under the Business Source License 1.1.

You may use, modify, and redistribute this software for non-production purposes (development, testing, evaluation) free of charge. Production use requires a paid license — see bedrock.dev/pricing.

The BSL converts to an open-source license (typically Apache 2.0) on a predetermined change date — see the LICENSE file for details.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

infill_bedrock-0.3.1.tar.gz (112.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

infill_bedrock-0.3.1-py3-none-any.whl (128.4 kB view details)

Uploaded Python 3

File details

Details for the file infill_bedrock-0.3.1.tar.gz.

File metadata

  • Download URL: infill_bedrock-0.3.1.tar.gz
  • Upload date:
  • Size: 112.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for infill_bedrock-0.3.1.tar.gz
Algorithm Hash digest
SHA256 7e2a34a33620ac7a881d753d4d603ad560abe9f3a8d2b511ec6fc369a864bd17
MD5 ecfbbf58a0ed1a66514056aab50d9d02
BLAKE2b-256 cc3693a1c9365e81538db5d05a83d5beb8b7d8fcf780008880bb58353ae14a48

See more details on using hashes here.

File details

Details for the file infill_bedrock-0.3.1-py3-none-any.whl.

File metadata

  • Download URL: infill_bedrock-0.3.1-py3-none-any.whl
  • Upload date:
  • Size: 128.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for infill_bedrock-0.3.1-py3-none-any.whl
Algorithm Hash digest
SHA256 72ba0f7abf51a848d249bdfab85cc474b5195492786126d69bfbd848eb55f98a
MD5 eb263781b9dffa83542e070f056e3b2f
BLAKE2b-256 f675c4b318b28d3bef86c1cd98b1dfb3e260b418d510fab4ca81406fa1aa1612

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page